IBM Support

PI28371: FIX ISSUE WITH OAUTH/OIDC CONSENT NO LONGER BEING CACHED

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • In OAuth and OpenID Connect flows, a user might be prompted
    for consent to share scopes with another party. The function
    ality to cache this consent had been removed, forcing users
    to give their consent to share scopes every time they logged
     in.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server Liberty Profile utilizing OAuth or   *
    *                  OpenID Connect                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: User consent for sharing scopes in      *
    *                      OAuth/OIDC flows is not cached          *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    In OAuth and OpenID Connect flows, a user might be prompted for
    consent to share scopes with another party. The functionality to
    cache this consent had been removed, forcing users to give their
    consent to share scopes every time they logged in.
    

Problem conclusion

  • The logic for OAuth and OpenID Connect flows has been corrected
    to cache a user's consent for sharing the selected scopes when
    using the default consent form provided by the Liberty runtime.
    Some other minor updates have also been included, such as not
    caching consent in the event of an authorization failure and
    some display issues in the consent form due to browser
    differences.
    The fix for this APAR is currently targeted for inclusion in fix
    pack 8.5.5.4.  Please refer to the Recommended Updates page for
    delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI28371

  • Reported component name

    WAS LIBERTY COR

  • Reported component ID

    5725L2900

  • Reported release

    855

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-10-24

  • Closed date

    2014-10-28

  • Last modified date

    2014-10-28

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WAS LIBERTY COR

  • Fixed component ID

    5725L2900

Applicable component levels

  • R855 PSY

       UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"855","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
28 April 2022